Privacy Policy

Last updated: February 11, 2026

1. Introduction

Rush Spike, Inc. ("Rush Spike," "we," "us," or "our") operates the Rush Spike platform, which provides AI-powered voice ordering and delivery management services for pizza restaurants. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Our platform serves three categories of users, each with different data collected:

  • Restaurant operators — business owners and staff who manage menus, orders, and store operations
  • End customers — individuals who place orders via phone or other channels
  • Delivery drivers — individuals who fulfill delivery orders on behalf of restaurants

2. Information We Collect

Restaurant operators:

  • Name, email address, phone number, and role when creating an account
  • Restaurant menu data, store locations, business hours, and operational settings provided during onboarding
  • Payment configuration for receiving customer payments (via Stripe Connect)

End customers:

  • Phone number, name, and delivery address (including geocoded latitude/longitude coordinates) collected during voice orders
  • Order details including items, modifiers, and special instructions
  • Voice conversation content — full transcripts of AI voice interactions, including what you say and the AI agent's responses, along with call duration and timestamps
  • Payment card metadata — card last four digits, brand, and expiration date (full card numbers are never stored on our servers; see Section 7)
  • SMS consent status, including opt-in/opt-out preferences and the source of consent
  • Address history — each delivery address change is stored as an immutable version linked to your orders

Delivery drivers:

  • Name, phone number, and vehicle information
  • Real-time GPS location — collected while on duty to enable delivery tracking and dispatch optimization, with updates as frequent as once per minute
  • Location history — a record of GPS positions retained for 90 days for delivery verification and route analysis
  • Delivery proof photographs, which may include GPS coordinates and timestamps
  • Authentication data including SMS verification codes and session tokens

Demo visitors:

  • Name, email address, company name, phone number, and estimated location count when requesting a demo

Automatically collected (all users):

  • Device and browser information, IP address, and operating system
  • Usage data including pages visited, time spent, and navigation patterns
  • Security logs including IP addresses, user agent strings, and failed authentication attempts for fraud detection

3. How We Use Your Information

  • To provide, operate, and maintain our voice ordering and delivery management platform
  • To process and fulfill restaurant orders placed through our system
  • To track driver locations for real-time delivery dispatch, route optimization, and estimated arrival times
  • To send transactional communications (order confirmations, delivery updates) via SMS
  • To manage SMS consent preferences and honor opt-out requests
  • To respond to demo requests, support inquiries, and customer service needs
  • To improve our AI voice agent accuracy and service quality, including reviewing conversation transcripts
  • To detect, prevent, and address technical issues, fraudulent activity, and security threats through audit logging and monitoring
  • To geocode delivery addresses for accurate delivery routing
  • To comply with legal obligations

4. Cookies and Tracking

We use essential cookies only: a session cookie to keep you logged in and a preference cookie for your display settings (such as dark mode). We do not use third-party advertising or analytics cookies. If we introduce analytics cookies in the future, we will update this policy and notify you accordingly.

5. Third-Party Services

We work with trusted third-party providers to deliver our services:

  • Twilio: Voice call routing, SMS delivery notifications, and phone-based card payment capture (Twilio Pay)
  • Stripe: Payment processing, card tokenization, and tax calculation for card transactions
  • OpenAI: AI voice agent processing for phone orders
  • Cloudflare: File and photo storage (delivery proof images)
  • Mapbox: Delivery route mapping and optimization
  • OpenStreetMap / Nominatim: Address geocoding (converting addresses to coordinates)
  • Sentry: Application error monitoring (personal data is excluded from error reports)

These providers have their own privacy policies and are contractually obligated to protect your data. We share only the minimum information necessary for each service to perform its function.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Specific retention periods include:

  • Driver location history: 90 days
  • Voice conversation logs: Duration of the restaurant's business relationship with us
  • Order data: Duration of the business relationship plus any legally required retention period
  • Customer address versions: Retained as immutable records linked to order history for integrity and dispute resolution
  • Security audit logs: Retained as required for fraud prevention and legal compliance

You may request deletion of your data at any time by contacting us (see Section 13).

7. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS) and encryption at rest
  • PCI-compliant payment handling — card numbers are captured via Twilio Pay (phone keypad entry) or Stripe and tokenized; full card numbers are never stored on our servers
  • Security audit logging of authentication events, IP addresses, and access patterns
  • Rate limiting and account lockout protections against brute-force attacks
  • Role-based access controls limiting data access to authorized personnel

No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify affected users promptly in accordance with applicable law.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Object to or restrict certain processing activities
  • Request a portable copy of your data

Please note that certain records — such as customer address versions linked to completed orders — may be retained for order integrity and legal compliance even after a deletion request. We will inform you of any such limitations when processing your request.

Payment methods used with a restaurant may be associated with that restaurant's payment account. Payment data is not shared between separate restaurant organizations on our platform.

To exercise any of these rights, please contact us using the information in Section 13.

9. SMS Communications

We may send SMS messages related to your orders, including delivery status updates and order confirmations. We track your SMS consent status to ensure we only send messages you have agreed to receive.

You can opt out of SMS communications at any time by:

  • Replying STOP to any message we send
  • Contacting us at the email address below

Opting out of SMS will not affect transactional messages required to complete an active order. We maintain an audit trail of consent changes for compliance purposes.

10. Children's Privacy

Our services are not directed at children under the age of 13, and we do not knowingly collect personal information from children. Because orders may be placed by phone, we cannot verify the age of every caller. If a parent or guardian believes their child has provided personal information through our platform, please contact us and we will promptly delete that information.

11. Data Transfers

Your information is processed and stored in the United States. Our third-party service providers (listed in Section 5) are also based in the United States. If you are accessing our services from outside the United States, please be aware that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at sales@rushspike.com.